2024-05-05 eguneraketa
This commit is contained in:
parent
73838d1aa5
commit
da5371f30f
11
CHANGELOG.md
11
CHANGELOG.md
@ -1,5 +1,16 @@
|
||||
# Changelog
|
||||
|
||||
## Unreleased 2024-05-05
|
||||
|
||||
### Adjust config
|
||||
|
||||
* Replace deprecated legacy_ssl with c2s_direct_tls.
|
||||
* Removed use_libevent = true. This means the default is now used which is epoll.
|
||||
|
||||
### Test
|
||||
|
||||
Added a test to check that no deprecated config settings are used.
|
||||
|
||||
## v1.3.2
|
||||
|
||||
* Added Firewall module with optional custom blacklist
|
||||
|
||||
@ -102,13 +102,13 @@ COPY *.bash /usr/local/bin/
|
||||
|
||||
RUN download-prosody-modules.bash \
|
||||
&& docker-prosody-module-install.bash \
|
||||
bookmarks `# XEP-0411: Bookmarks Conversion` \
|
||||
carbons `# message carbons (XEP-0280)` \
|
||||
#bookmarks `# XEP-0411: Bookmarks Conversion` \
|
||||
#carbons `# message carbons (XEP-0280)` \
|
||||
cloud_notify `# XEP-0357: Push Notifications` \
|
||||
csi `# client state indication (XEP-0352)` \
|
||||
#csi `# client state indication (XEP-0352)` \
|
||||
e2e_policy `# require end-2-end encryption` \
|
||||
filter_chatstates `# disable "X is typing" type messages` \
|
||||
smacks `# stream management (XEP-0198)` \
|
||||
#smacks `# stream management (XEP-0198)` \
|
||||
throttle_presence `# presence throttling in CSI` \
|
||||
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
|
||||
firewall `# anti-spam firewall` \
|
||||
|
||||
@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
|
||||
|
||||
-- XEP-0368: SRV records for XMPP over TLS
|
||||
-- https://compliance.conversations.im/test/xep0368/
|
||||
legacy_ssl_ssl = {
|
||||
certificate = "certs/" .. domain .. "/fullchain.pem";
|
||||
c2s_direct_tls_ssl = {
|
||||
certificate = "certs/" .. domain .. "/fullchain.pem";
|
||||
key = "certs/" .. domain .. "/privkey.pem";
|
||||
}
|
||||
legacy_ssl_ports = { 5223 }
|
||||
c2s_direct_tls_ports = { 5223 }
|
||||
|
||||
-- https://prosody.im/doc/certificates#service_certificates
|
||||
-- https://prosody.im/doc/ports#ssl_configuration
|
||||
|
||||
@ -7,8 +7,6 @@ admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
|
||||
|
||||
pidfile = "/var/run/prosody/prosody.pid"
|
||||
|
||||
use_libevent = true; -- improves performance
|
||||
|
||||
allow_registration = os.getenv("ALLOW_REGISTRATION");
|
||||
|
||||
c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
|
||||
|
||||
1
tests/bats/bats-assert
Submodule
1
tests/bats/bats-assert
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit e2d855bc78619ee15b0c702b5c30fb074101159f
|
||||
1
tests/bats/bats-core
Submodule
1
tests/bats/bats-core
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit a751f3d3da4b7db830612322a068a18379c78d09
|
||||
1
tests/bats/bats-support
Submodule
1
tests/bats/bats-support
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 9bf10e876dd6b624fe44423f0b35e064225f7556
|
||||
@ -1,8 +1,6 @@
|
||||
version: "3.9"
|
||||
|
||||
services:
|
||||
prosody:
|
||||
image: prosody
|
||||
image: prosody/xmpp:latest
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
@ -19,7 +17,7 @@ services:
|
||||
- ./certs:/usr/local/etc/prosody/certs
|
||||
|
||||
prosody_postgres:
|
||||
image: prosody
|
||||
image: prosody/xmpp:latest
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
@ -53,7 +51,7 @@ services:
|
||||
POSTGRES_PASSWORD: prosody
|
||||
|
||||
prosody_ldap:
|
||||
image: prosody
|
||||
image: prosody/xmpp:latest
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "5000:5000"
|
||||
|
||||
@ -57,8 +57,8 @@ load 'bats/bats-assert/load'
|
||||
assert_output
|
||||
}
|
||||
|
||||
@test "Should activate legacy_ssl" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
|
||||
@test "Should activate c2s_direct_tls" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
|
||||
assert_success
|
||||
assert_output
|
||||
}
|
||||
@ -82,7 +82,17 @@ load 'bats/bats-assert/load'
|
||||
}
|
||||
|
||||
@test "Should show upload URL" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: <https:\/\/upload.example.com:5281\/upload> - Ensure this can be reached by users\""
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
|
||||
assert_success
|
||||
assert_output
|
||||
}
|
||||
|
||||
@test "Should not use deprecated config" {
|
||||
run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
|
||||
assert_failure
|
||||
}
|
||||
|
||||
@test "Should not have warnings in log" {
|
||||
run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
|
||||
assert_failure
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user